We help IT Professionals succeed at work.
Get Started
Setting up LDAPS on Windows 2008
Hello,
I followed the directions here: http://support.microsoft.com/kb/321051 to set up LDAPS. I used a certificate purchased from GoDaddy. After rebooting, I cannot get the connection to work using ldp.exe. I'm thinking maybe my certificate was configured incorrectly?
The name of the server is DNSSrvr1. The DN for the server is CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-------------------------
The certificate came back from GoDaddy for "DNSSrvr1", not the entire DN, could that be an issue?
I put the certificate in the Local Computer Personal container.
When I run the ldp.exe utility, entering either the name of the server or the IP of the server, trying them in combination with both port 636 and 3269, I get Error <0x51>: Fail to connect to DNSSrvr1.
Any ideas? I'm not quite sure where to go from here. I hate to go through the process of re-requesting the certificate if that isn't the issue.
Thank you,
Christine
I followed the directions here: http://support.microsoft.com/kb/321051 to set up LDAPS. I used a certificate purchased from GoDaddy. After rebooting, I cannot get the connection to work using ldp.exe. I'm thinking maybe my certificate was configured incorrectly?
The name of the server is DNSSrvr1. The DN for the server is CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-------------------------
The certificate came back from GoDaddy for "DNSSrvr1", not the entire DN, could that be an issue?
I put the certificate in the Local Computer Personal container.
When I run the ldp.exe utility, entering either the name of the server or the IP of the server, trying them in combination with both port 636 and 3269, I get Error <0x51>: Fail to connect to DNSSrvr1.
Any ideas? I'm not quite sure where to go from here. I hate to go through the process of re-requesting the certificate if that isn't the issue.
Thank you,
Christine
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE